Historically, executable content could only installed on a computer system by physically bringing magnetic media to the computer and having someone with administrative privileges install it. At present, however, the Internet has made it very easy and popular for ordinary computer users to download executable content such as ActiveX controls, programs, and scripts. In many cases, executable content may be downloaded and executed via the Internet without the user even realizing that such an event took place.
Unfortunately, such executable content is often unruly, e.g., it may be malicious and intentionally destroy data on the client machine, error-prone and cause the client machine to crash, or well-intentioned but careless and divulge confidential information about the client. Although these types of computer problems have previously existed in the form of "viruses" and "trojans," the ubiquitous presence of World Wide Web has made these problems widespread, and in some cases out of control. In general, client operating environments are not adequately protected against unruly code.
Some operating systems already have an existing security mechanism that limits what non-privileged users may do. For example, the security system built into the Windows NT operating system controls access to resources based on the identities of users. When a Windows NT process wishes to access a resource to perform some action, the security mechanism in Windows NT compares a client's user and group IDs and privileges associated with that process against security information assigned to that resource to grant or deny access to the resource. In this manner, unauthorized users are prevented from accessing resources and potentially causing harm, while authorized users may be limited in the actions they are allowed to perform.
However, at present, when a user process has the appropriate rights or privileges to access a resource, the process, which may include executable content that is unruly, may access the resource with undesirable results. For example, a Windows NT user having appropriate credentials may download and execute unruly code, whereby any or all of the above-described adverse consequences may result. Other security models have similar and other drawbacks that make them vulnerable to the same problems.